Support #929
closedsetup 3 server contabo untuk mokirim
Added by Arko Sasongko over 1 year ago. Updated 9 months ago.
Description
1. Install galera cluster di 3 mesin tersebut
2. Install elasticsearch cluster di 3 mesin tersebut
3. Install aplikasi setara di 1 server
4. Install aplikasi web Mokirim di 1 server yang berbeda
5. Install mail Mokirim di server yang berbeda: postfix dan dovecot
6. Install DNS Mokirim yang akan berfungsi sebagai primary. Secondary nya di taruh di DNS wahana aja atau tempat lain
catatan:
Memory diatur kecil saja untuk elasticsearch nya. 60% dialokasikan untuk MySQL dan Elasticsearch. Dari situ, 60%ny untuk elasticsearch
Updated by Arko Sasongko over 1 year ago
- Status changed from New to In Progress
- % Done changed from 0 to 40
- tambahkan hostname di NS:
mk1.wahana.com : 185.111.159.245
mk2.wahana.com : 194.195.90.25
mk3.wahana.com : 194.195.90.9
--
setup mk1.wahana.com, mk2.wahana.com, mk3.wahana.com
install : htop iotop iptraf-ng lynx screen mc finger firewalld
mk1.wahana.com:
-- ES sudah diinstall
-- MariaDB sudah diinstall
-- apps Setara; install nginx, uwsgi, uwsgi-plugin-psgi, install uwsgi-plugin-psgi uwsgi nginx-full uwsgi-extra uwsgi-plugins-all uwsgi-dev
mk2.wahana.com:
-- ES sudah diinstall
-- MariaDB sudah diinstall
-- mailserver, postfixadmin; install nginx
mk3.wahana.com:
-- ES sudah diinstall
-- MariaDB sudah diinstall
-- web mokirim.com; install nginx
-- BIND / DNS master mokirim.com
Updated by Arko Sasongko over 1 year ago
- ternyata tidak dikenali juga
- kontak support contabo lagi dan infokan perihal ini
- setup ulang server yang di-reinstall
Updated by Arko Sasongko over 1 year ago
mk2.wahana.com:
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : CBNhe2PTL_VH9ljbjsLo
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
- NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service - You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
===============================
Updated by Arko Sasongko over 1 year ago
- % Done changed from 50 to 60
mk1.mokirim.com + mk3.mokirim.com
-- setup elasticsearch
apt install htop iotop iptraf-ng lynx screen mc finger firewalld nmap bind9-utils bmon fail2ban y
apt install dirmngr ca-certificates software-properties-common apt-transport-https lsb-release curl -y
wget q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O | sudo gpg --dearmor o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
apt update
apt install elasticsearch
---
mk1.mokirim.com ES:
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : ouvOiWHaD1NQ7+oat8_L
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
- NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service - You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
======
mk1.mokirim.com mariadb:
--
apt install wget apt-transport-https
wget https://r.mariadb.com/downloads/mariadb_repo_setup
echo "935944a2ab2b2a48a47f68711b43ad2d698c97f1c3a7d074b34058060c2ad21b mariadb_repo_setup" \ | sha256sum -c -
chmod +x mariadb_repo_setup
sudo ./mariadb_repo_setup
--
apt install mariadb-backup mariadb-client mariadb-client-core mariadb-server mariadb-server-core libmariadb3 galera-4
--
setup mk1, mk2, mk3 sbg mariadb nodes di galera-cluster 'cluster-mokirim',
file konfigurasi mariadb : /etc/mysql/mariadb.conf.d/z-default.cnf
Updated by Arko Sasongko over 1 year ago
- % Done changed from 60 to 70
- setup elasticsearch:
apt install dirmngr ca-certificates software-properties-common apt-transport-https lsb-release curl -y
wget q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
apt update; apt install elasticsearch
----
=======================================================================================================
ES mk3.mokirim.com:
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : 4dSJfLQFGKPHliF0n0L*
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
- NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service - You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
=======================================================================================================
ES mk1.mokirim.com
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : q+e6x6WC4FmTXON=0_Ux
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
- NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service - You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service =======================================================================================================
======
elasticsearch:
/etc/hosts :
185.111.159.245 vmi1574618.contaboserver.net vmi1574618 mk1.mokirim.com node01
194.195.90.25 mk2.mokirim.com node02
194.195.90.9 mk3.mokirim.com node03
--
mk1.mokirim.com node01 node01.mokirim.com
mk2.mokirim.com node02 node02.mokirim.com
mk3.mokirim.com node03 node03.mokirim.com
--
[2024-01-02T18:47:45,414][INFO ][o.e.x.s.InitialNodeSecurityAutoConfiguration] [node01] Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-password` tool to set the password for the elastic user.
--
mk1.mokirim.com:
eyJ2ZXIiOiI4LjExLjMiLCJhZHIiOlsiMTg1LjExMS4xNTkuMjQ1Ojk0MDAiXSwiZmdyIjoiZTFlYmExZjY2NDlkNDMwYWQzM2I3NjFkNzg2MjBlYWI5NzJlZWRjZjc2ZmM4ZmEzM2MzNjI5M2YwM2JiZDZhYSIsImtleSI6InlBUGF5WXdCRjN5OHNNeU9nUFFWOm5jWnVteUUtUnZlMExzREFIVzVnd1EifQ==
---
--
=======================================================================================================
set firewall-cmd:
mariadb galera cluster port open:
3306 / tcp
4567 / tcp
4567/udp
4568 / tcp
4444 / tcp
elasticsearch port open:
9400 / tcp
9443 / tcp
9300 / tcp
firewall-cmd --new-zone=mariadb --permanent
firewall-cmd --reload
firewall-cmd --get-zones ==> block dmz drop external home internal mariadb public trusted work
firewall-cmd --zone=mariadb --add-source=185.111.159.245/32 --add-source=194.195.90.25/32 --add-source=194.195.90.9/32 --add-source=127.0.0.1 --permanent
firewall-cmd --reload
firewall-cmd --zone=mariadb --add-port=3306/tcp --add-port=4567/tcp --add-port=4567/udp --add-port=4568/tcp --add-port=4444/tcp --add-port=9400/tcp --add-port=9300/tcp --add-port=9443/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=mariadb --list-all
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --reload
Updated by Arko Sasongko over 1 year ago
nama mariadb nodes:
mk1.mokirim.com node01 node01.mokirim.com
mk2.mokirim.com node02 node02.mokirim.com
mk3.mokirim.com node03 node03.mokirim.com
---
file konfigurasi mariadb : /etc/mysql/mariadb.conf.d/z-default.cnf
Updated by Arko Sasongko over 1 year ago
--
rsync source saas.mokirim dan saas dari 105 ke mk1.mokirim.com
konfigurasi saas-mokirim.conf, saas.conf
update SSL certificate untuk saas.mokirim.com dengan letsencrypt
install + setup perl library
Updated by Arko Sasongko over 1 year ago
mk1.mokirim.com:
---
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
output:
eyJ2ZXIiOiI4LjExLjMiLCJhZHIiOlsiMTg1LjExMS4xNTkuMjQ1Ojk0MDAiXSwiZmdyIjoiZTFlYmExZjY2NDlkNDMwYWQzM2I3NjFkNzg2MjBlYWI5NzJlZWRjZjc2ZmM4ZmEzM2MzNjI5M2YwM2JiZDZhYSIsImtleSI6InlBUGF5WXdCRjN5OHNNeU9nUFFWOm5jWnVteUUtUnZlMExzREFIVzVnd1EifQ==
Updated by Arko Sasongko over 1 year ago
Updated by Arko Sasongko 9 months ago
- Status changed from In Progress to Closed
- % Done changed from 80 to 100